author | Stef Walter <stefw@collabora.co.uk> | 2011-03-19 01:42:55 +0800 |
committer | Stef Walter <stefw@collabora.co.uk> | 2011-03-22 23:00:12 +0800 |
commit | 8b18f92aedef75ae557e879ddc4a60ce833d50d3 (patch) | |
tree | 9a2196c1fa0283a723112ed672d3a6edbb8631be /libempathy/empathy-server-tls-handler.c | |
parent | 19d3ea612850bc3e2fabc387997e97ea11c89645 (diff) | |
Use ServerTLSConnection.ReferenceIdentities to check cert identity.
The certificate identity can be checked against more than just
one piece of information. Load and use all the reference identities
to check the identity of the certificate.
https://bugzilla.gnome.org/show_bug.cgi?id=645119
Diffstat (limited to 'libempathy/empathy-server-tls-handler.c')
-rw-r--r-- | libempathy/empathy-server-tls-handler.c | 47 |
1 files changed, 45 insertions, 2 deletions
diff --git a/libempathy/empathy-server-tls-handler.c b/libempathy/empathy-server-tls-handler.c
index 6180fefea..61c3af11b 100644
--- a/libempathy/empathy-server-tls-handler.c
+++ b/libempathy/empathy-server-tls-handler.c
@@ -20,6 +20,7 @@
#include "empathy-server-tls-handler.h"
+#include <telepathy-glib/interfaces.h>
#include <telepathy-glib/util.h>
#define DEBUG_FLAG EMPATHY_DEBUG_TLS
@@ -35,6 +36,7 @@ enum {
PROP_CHANNEL = 1,
PROP_TLS_CERTIFICATE,
PROP_HOSTNAME,
+ PROP_REFERENCE_IDENTITIES,
LAST_PROPERTY,
};
@@ -43,6 +45,7 @@ typedef struct {
EmpathyTLSCertificate *certificate;
gchar *hostname;
+ gchar **reference_identities;
GSimpleAsyncResult *async_init_res;
} EmpathyServerTLSHandlerPriv;
@@ -99,9 +102,15 @@ tls_handler_init_async (GAsyncInitable *initable,
GHashTable *properties;
const gchar *cert_object_path;
const gchar *hostname;
+ const gchar * const *identities;
const gchar *bus_name;
TpDBusDaemon *dbus;
GError *error = NULL;
+ /*
+ * Used when channel doesn't implement ReferenceIdentities. A GStrv
+ * with [0] the hostname, and [1] a NULL terminator.
+ */
+ gchar *default_identities[2];
EmpathyServerTLSHandler *self = EMPATHY_SERVER_TLS_HANDLER (initable);
EmpathyServerTLSHandlerPriv *priv = GET_PRIV (self);
@@ -112,11 +121,35 @@ tls_handler_init_async (GAsyncInitable *initable,
properties = tp_channel_borrow_immutable_properties (priv->channel);
hostname = tp_asv_get_string (properties,
- EMP_IFACE_CHANNEL_TYPE_SERVER_TLS_CONNECTION ".Hostname");
+ TP_PROP_CHANNEL_TYPE_SERVER_TLS_CONNECTION_HOSTNAME);
priv->hostname = g_strdup (hostname);
DEBUG ("Received hostname: %s", hostname);
+ identities = tp_asv_get_strv (properties,
+ TP_PROP_CHANNEL_TYPE_SERVER_TLS_CONNECTION_REFERENCE_IDENTITIES);
+
+ /*
+ * If the channel doesn't implement the ReferenceIdentities parameter
+ * then fallback to the hostname.
+ */
+ if (identities == NULL)
+ {
+ default_identities[0] = (gchar *) hostname;
+ default_identities[1] = NULL;
+ identities = (const gchar **) default_identities;
+ }
+ else
+ {
+#ifdef ENABLE_DEBUG
+ gchar *output = g_strjoinv (", ", (gchar **) identities);
+ DEBUG ("Received reference identities: %s", output);
+ g_free (output);
+#endif /* ENABLE_DEBUG */
+ }
+
+ priv->reference_identities = g_strdupv ((gchar **) identities);
+
cert_object_path = tp_asv_get_object_path (properties,
EMP_IFACE_CHANNEL_TYPE_SERVER_TLS_CONNECTION ".ServerCertificate");
bus_name = tp_proxy_get_bus_name (TP_PROXY (priv->channel));
@@ -162,6 +195,8 @@ empathy_server_tls_handler_finalize (GObject *object)
tp_clear_object (&priv->channel);
tp_clear_object (&priv->certificate);
+ g_strfreev (priv->reference_identities);
+ g_free (priv->hostname);
G_OBJECT_CLASS (empathy_server_tls_handler_parent_class)->finalize (object);
}
@@ -185,6 +220,9 @@ empathy_server_tls_handler_get_property (GObject *object,
case PROP_HOSTNAME:
g_value_set_string (value, priv->hostname);
break;
+ case PROP_REFERENCE_IDENTITIES:
+ g_value_set_boxed (value, priv->reference_identities);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
break;
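Review bot: The hostname fallback in tls_handler_init_async only triggers when the ReferenceIdentities property is absent, so a channel that supplies an empty array (non-NULL, `identities[0] == NULL`) skips the fallback and the handler publishes an empty identity list; whether the certificate verifier then rejects the certificate or simply has nothing to match is not visible in this hunk. Treating an empty list like a missing one keeps the hostname in play: `if (identities == NULL || identities[0] == NULL)`. The same fallback also silently produces an empty list when `hostname` is NULL (Hostname property missing), since `default_identities[0]` becomes the terminator; if the verifier does not fail closed on an empty list, init should report an error here rather than continue. The body of tls_handler_init_async continues outside the hunk.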
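Review bot: The added `g_free (priv->hostname);` in empathy_server_tls_handler_finalize fixes what appears to be a pre-existing leak of the hostname string, which is unrelated to reference identities and not mentioned in the commit message. A one-line mention in the description, or a separate commit, would make the fix discoverable when bisecting; this is a note on the commit record only, the code itself is correct.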
@@ -235,10 +273,15 @@ empathy_server_tls_handler_class_init (EmpathyServerTLSHandlerClass *klass)
g_object_class_install_property (oclass, PROP_TLS_CERTIFICATE, pspec);
pspec = g_param_spec_string ("hostname", "The hostname",
- "The hostname which should be certified by the server certificate.",
+ "The hostname the user is expecting to connect to.",
NULL, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
g_object_class_install_property (oclass, PROP_HOSTNAME, pspec);
+
+ pspec = g_param_spec_boxed ("reference-identities", "Reference Identities",
+ "The server certificate should certify one of these identities",
+ G_TYPE_STRV, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ g_object_class_install_property (oclass, PROP_REFERENCE_IDENTITIES, pspec);
}
static void
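Review bot: The blurb for the new "reference-identities" property does not tell a consumer that the list is derived from the hostname when the channel provides no ReferenceIdentities, which is the one fact a caller doing identity checks needs to know, and it also lacks the trailing period the neighbouring "hostname" blurb has. Suggested text: `"The server certificate should certify one of these identities; falls back to the hostname when the channel provides none."`. The rest of empathy_server_tls_handler_class_init lies outside the hunk.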